Sends User Information To Third Parties, Violating Its Own Privacy Policy

Adrianne Jeffries | The Verge | October 31, 2013

Here's more evidence of cutting corners during the development of the insurance marketplace: the website appears to be violating its own privacy policy by sending private user information to third parties.

Security researcher Ben Simo noticed that the site was sending his user name and password reset code to third-party partners, including the analytics services Pingdom, DoubleClick, and Google Analytics.

The risk to users is low since the information is encrypted as it is sent, and those partners are all reputable companies. However, the oversight may constitute a violation of the site's own privacy policy, which says, "No personally identifiable information is collected by these tools."

Facebook and Myspace were fined by the Federal Trade Commission (FTC) for similar infractions last year.